As usage of electronic authorizations increase, problems such as fraud continue to persist. One way to reduce fraud in electronic authorizations is to authenticate the identification device, or other portable consumer device, used in the electronic authorizations. Another way to reduce fraud in electronic authorizations is to encrypt identification information that is stored, sent or received during the electronic authorization process so any information that might be intercepted during the authorization process cannot be used by unauthorized entities.
FIG. 1 depicts a conventional credit card. Credit card 100 comprises various identification or authentication information such as name 130, credit card account number 110 and anti-counterfeiting feature 120. Typically name 130, is the name of the credit card account holder. Credit card account number 110 is usually an account number associated with a credit card account and the credit card 100. Anti-counterfeiting feature 120 can be one or more of a number of features. For example, anti counterfeiting feature 120 can be a holographic image of a company logo, emblem or name.
Conventionally, anti-counterfeiting feature 120 is any type of feature that is difficult, expensive or complicated to reproduce. However, physical anti-counterfeiting feature 120 can do little to inhibit electronic or non-face-to-face authorization fraud. If an unauthorized user obtains credit card account number 110, he or she can use it to make credit card purchases over the Internet or over the telephone. As long as the unauthorized user has the correct account number, expiration date and possibly a CVV, the unauthorized user can make many unauthorized purchases before the fraudulent activity is detected. Most, if not all, information necessary to make remote fraudulent purchases is usually readily available to anyone who views the card. The identification information seen on the front of credit card 100, is typically also contained in a computer readable medium not shown in FIG. 1.
As with any electronic transaction, there is always a chance that information contained in the authorization request message used in an electronic authorization can potentially be intercepted while it is being electronically transmitted. During an electronic authorization, an authentication request message comprising identification information and other information is transmitted to a remote server. While the authentication request message is being transmitted, the identification information is subject to theft by electronic means. In an attempt to thwart such theft, many companies have resorted to encrypting identification information printed on or contained in the electronic media of credit card 100 as it is transmitted electronically to the remote authentication server. Such measures afford credit card companies a certain degree of confidence that the credit card numbers they receive are indeed valid consumer credit card account numbers submitted by authorized consumers. However, the more the consumer credit card account number is transmitted; the chance that the information is intercepted during transmission increases. Likewise, the more the credit card number is used, the chance of an unauthorized user breaking the encryption code increases.
FIG. 2 depicts an encryption methodology. Account number 210 is the account number printed or encoded on a credit card. However, account number 210 is not the actual account number associated with the consumer credit account. Rather, account number 220 is the actual account number associated with the consumer credit account. Digits 230 are encrypted. Digits 230 in account number 210 are converted from those shown to the digits shown in digits 230 in account number 220. The conversion involves an encryption that requires an encryption key. Anyone with the encryption key can convert digits 230 between the encrypted account number 210 and the unencrypted in account number 220. As previously mentioned, the more the consumer account number is used and transmitted for authorization the more likely it becomes that an unauthorized user will intercept and decrypt the consumer account number.
It is therefore clear that improvements to encryption technology to reduce the chance of account number 210 from being decrypted and used by an unauthorized user are desirable. Embodiments of the disclosure address the above problems, and other problems, individually and collectively.